1. Field of the Invention
This invention relates to installing patches on computer systems and more particularly to systems and methods for reliably installing patches on computer systems in a network.
2. Description of the Related Art
The number of security holes, software bugs, and other vulnerabilities that affect or threaten computer systems in networks of various types has increased exponentially over the last decade. For example, statistics gathered from CERT (Computer Emergency Response Team) indicate that vulnerabilities have risen from 171 in 1995 to 5990 in 2005, a growth of 3500 percent in just ten years. This figure may actually be higher, since these numbers do not include vulnerabilities that may be present in custom software. The effects of these vulnerabilities are manifold and may include, for example, computer and network downtime, remediation time and costs, impaired data integrity, loss of credibility, loss of revenue, negative public relations, exposure to legal action, and loss of intellectual property.
Many computer and network vulnerabilities may be resolved by implementing countermeasures on affected systems, such as by installing a “patch” or other critical update. Nevertheless, although a patch may remedy a particular vulnerability, a patch must be installed on the affected system prior to an attack to be effective. Unfortunately, there is usually a significant delay from the time a patch is released to the time it is actually applied to a system. It is during this interval that the majority of the most damaging attacks occur. Consequently, a vast amount of damage and disruption could be avoided by simply ensuring that patches are installed in a timely manner when made available.
For this reason, one of the most important responsibilities of IT specialists is that of regularly patching and updating computer software on a network. Such a task generally requires a pro-active management approach as opposed to a “wait-and-see” approach to be effective. This task is becoming more difficult, however, as the number of vulnerabilities and applications run by an enterprise continues to increase. Adding to the difficulty is the need to apply patches to running and non-running systems while maintaining operational efficiency and without causing interruptions or breakdowns in the system.
The ability to effectively manage patches may also require accurate up-to-date knowledge of hardware and software assets of a network. Absent this information, it may be impossible or at least highly inefficient to determine which computers in a network or other environment require an update. Acquiring this information may be difficult where certain computers are turned off or where selected computer systems are down for repair or service.
Currently, there is no reliable and efficient way to ensure that patches are successfully applied to computers in a large network, such as a corporate network. This is especially true where patches are administered remotely. For example, there is no reliable and efficient way to ensure that computers on the network have been rebooted where patch installation requires a reboot. There is also no reliable and efficient way to ensure that patches are installed on computers that are turned off or non-operational.